Ketchup wrote:Are you sure your target is MS08-067 vulnerable? Any chance it was patched?

Well, it's SP3, so I think it's not vulnerable, since the MS08_067 exploit is not working on an SP3 patched system.

That's why I ask: is there any way to exploit port 445 on an XP SP3 system?

And what do you think about this bug?

BTW, this bug also happened when I successfully exploited a vulnerable MS08_067 system: after the exploit completed and the session had been opened, it disappeared :S Dunno why this happens only in Metasploit 3.3.3.

Yes, you can exploit port 445 on an XP SP3 machine. Bug, why are you just randomly sending exploits against this machine? Why not identify the vulnerability first? Coincidentally, I find that MS08-067 is one of the most common false positives.

Not shown: 997 filtered ports
PORT     STATE SERVICE      VERSION
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
5101/tcp open  admdog?

That list shows open ports and generically defined services. Your next steps should be connecting to those ports and banner grabbing / researching, to see what service versions, etc., are reported as running on those ports, then following up with searches for vulnerabilities existing on those versions and services.

For instance, you might find that some other service is actually using that port, and it's not really Microsoft DS on there at all. Conversely, you could be hitting a honeypot (if this were a real-life pentest), where that port isn't really even running the exploitable service, but responds to queries as if it was. You need to adequately try to determine what's running, not just gather a basic list of responding ports and start attacking.

These are very tried-and-true principles for pentesting, and you need to do some digging on them, rather than just throwing a list of nmap-reported open ports to the list. We're here to help, and to answer educated questions, not to lead you through every step. (No offense intended, just recommending you spend more time on this than simply a base nmap scan, followed by "why doesn't an exploit work on 445?")

I understand that you're running a tool, like Metasploit, to perform these tests, but sometimes you need to have a clearer understanding of the target system and its services before just throwing Metasploit and other tools at it, in the hopes that generically defined exploits will 'just work' as you'd like / expect them to.

Good luck, and as you continue, let us know what more you find.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
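The service-identification step hayabusa describes above, as an added example that is not part of this thread or of any poster's own tooling: a small Python script that parses nmap's normal-output port table (the lines pasted earlier in the thread, re-typed here as constructed sample input with an assumed column layout) and separates entries where nmap matched a version probe from entries where it only guessed the service from its port table (a trailing "?") or reported no version at all. The second group is exactly the set that needs a manual connect-and-check before anyone decides what is really listening; the comments also note why even a "fingerprinted" entry is only nmap's best match, which is the honeypot case hayabusa raises.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the nmap lines pasted earlier in this thread,
# re-typed in nmap's normal-output column layout (layout assumed, not copied).
SAMPLE_NMAP = """\
Not shown: 997 filtered ports
PORT     STATE SERVICE      VERSION
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
5101/tcp open  admdog?
"""

# One port line: "<port>/<proto> <state> <service> [<version text>]".
# Header and summary lines do not start with a number and are skipped.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*\S))?\s*$"
)


@dataclass
class PortRecord:
    port: int
    proto: str
    state: str
    service: str
    version: Optional[str]

    @property
    def guessed(self) -> bool:
        # nmap appends '?' when the service name is a port-table guess
        # rather than a confirmed fingerprint from a probe response.
        return self.service.endswith("?")

    @property
    def needs_verification(self) -> bool:
        # No version string, or a guessed name, means nmap could not confirm
        # what is really listening: connect and check before trusting the label.
        return self.state == "open" and (self.guessed or not self.version)


def parse_nmap_ports(text: str) -> List[PortRecord]:
    """Turn nmap normal-output port lines into structured records."""
    records: List[PortRecord] = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # "Not shown: ..." summary, column header, blank lines
        records.append(
            PortRecord(int(m["port"]), m["proto"], m["state"],
                       m["service"], m["version"])
        )
    return records


def triage(text: str) -> dict:
    """Split open ports into 'fingerprinted' and 'verify_manually' lists.

    Even a fingerprinted entry is only nmap's best probe match; a honeypot
    that answers probes like the real service lands in that bucket too,
    so a version string narrows the work, it does not end it.
    """
    result = {"fingerprinted": [], "verify_manually": []}
    for r in parse_nmap_ports(text):
        if r.state != "open":
            continue
        label = f"{r.port}/{r.proto} {r.service}"
        bucket = "verify_manually" if r.needs_verification else "fingerprinted"
        result[bucket].append(label)
    return result


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_NMAP).items():
        print(bucket + ":")
        for entry in entries:
            print("  " + entry)
```

Run as-is it prints 445/tcp under "fingerprinted" and 139/tcp and 5101/tcp under "verify_manually"; feeding it a real `nmap -sV` run instead of the constructed sample gives the same two buckets, which is a more useful starting point than a flat port list.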

hayabusa wrote:That list shows open ports and generically defined services. Your next steps should be connecting to those ports and banner grabbing / researching, to see what service versions, etc., are reported as running on those ports, then following up with searches for vulnerabilities existing on those versions and services.

Thanks for the info, I will try telnet or netcat for banner grabbing.

hayabusa wrote:For instance, you might find that some other service is actually using that port, and it's not really Microsoft DS on there at all. Conversely, you could be hitting a honeypot (if this were a real-life pentest), where that port isn't really even running the exploitable service, but responds to queries as if it was. You need to adequately try to determine what's running, not just gather a basic list of responding ports and start attacking.

;)

hayabusa wrote:These are very tried-and-true principles for pentesting, and you need to do some digging on them, rather than just throwing a list of nmap-reported open ports to the list. We're here to help, and to answer educated questions, not to lead you through every step. (No offense intended, just recommending you spend more time on this than simply a base nmap scan, followed by "why doesn't an exploit work on 445?")

I understand that you're running a tool, like Metasploit, to perform these tests, but sometimes you need to have a clearer understanding of the target system and its services before just throwing Metasploit and other tools at it, in the hopes that generically defined exploits will 'just work' as you'd like / expect them to.

Pay close attention to what Ketchup told you. When I mentioned banner grabbing, I wasn't specifically doing so for 445. It was a generalization; that is something you should be doing to any list you get from your initial scans, before trying to just jump in and exploit.

But Ketchup's advice is very valid for your port 445 scenario.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

hayabusa wrote:Pay close attention to what Ketchup told you. When I mentioned banner grabbing, I wasn't specifically doing so for 445. It was a generalization; that is something you should be doing to any list you get from your initial scans, before trying to just jump in and exploit.

But Ketchup's advice is very valid for your port 445 scenario.

Yes, I know, Hayabusa, but the reason I did it for port 445 only is because I know that port 139 NetBIOS is not possible to exploit under a Windows XP SP3 patched system.


I tried many times with no success :S

It's on SP1 only, I think.

Understood, but I seem to recall your list also showed port 5101 TCP as well.... (I don't have the time to assist further today (heavy workload), so I'll leave this one in Ketchup's hands, and maybe pick up again tomorrow, if things lighten up.)

Good luck.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'